| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: scram and \password |
| Date: | 2017-04-26 16:38:10 |
| Message-ID: | CA+Tgmob3oL+xLxMgD6zmhhDab62yr67W4bbALT3G_swkG6NmPg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 26, 2017 at 6:22 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
> On 04/25/2017 06:26 PM, Heikki Linnakangas wrote:
>> Thoughts? Unless someone has better ideas or objections, I'll go
>> implement that.
> This is what I came up with in the end. Some highlights and differences vs
> the plan I posted earlier:
>
> * If algorithm is not given explicitly, PQencryptPasswordConn() queries
> "SHOW password_encryption", and uses that. That is documented, and it is
> also documented that it will *not* issue queries, and hence will not block,
> if the algorithm is given explicitly. That's an important property for some
> applications. If you want the default behavior without blocking, query "SHOW
> password_encryption" yourself, and pass the result as the 'algorithm'.
TBH, I'd just require the user to specify the algorithm explicitly.
Having it run SHOW on the server seems wonky. It introduces a bunch
of failure modes for ... no real benefit, I think.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-04-26 16:41:56 | Re: Partition-wise join for join between (declaratively) partitioned tables |
| Previous Message | Fujii Masao | 2017-04-26 16:36:13 | Re: some review comments on logical rep code |